Privacy Policy

Last updated: 1 June 2025

This Privacy Policy explains how TripSums ("we", "us") collects, uses and protects your personal information when you use our web application and Chrome extension ("Service"). We take your privacy seriously and only collect what we need to run the Service.

1. What we collect

Data	Why we collect it	How long we keep it
Email address	Account creation, password reset, account communication	Until account deletion
Hashed password	Authentication (we never store your plain-text password)	Until account deletion
Session tokens	Keeping you logged in across sessions	30 days or until logout
Usage counters	Enforcing fair-use limits per plan	Rolled daily; 90-day log
IP address	Rate limiting anonymous requests; abuse prevention	24-hour rolling window
AI prompts	Sending to our AI backend to generate responses	Not stored after response
Subscription / order info	Activating Pro plan after payment via Lemon Squeezy	Until account deletion

We do not collect browsing history, location data, or any data from pages you visit outside the Service. The Chrome extension only activates on travel booking sites you explicitly open.

2. How we use your data

Providing and improving the Service
Authenticating your account and keeping you logged in
Enforcing usage limits and plan features
Processing subscription payments (handled by Lemon Squeezy — we never see card details)
Responding to support requests
Preventing abuse and fraud

We do not sell your personal data to third parties. We do not use your data for advertising.

3. Third-party services

OpenRouter / AI providers — your travel queries are sent to AI models to generate responses. Queries are not stored by us after the response is returned. Review OpenRouter's privacy policy for their data handling.
Lemon Squeezy — handles payment processing. We receive only order confirmation and subscription status. We never see your card details. See Lemon Squeezy's privacy policy.
Booking site affiliate links — when you click a booking link, you are redirected to third-party sites (Booking.com, Skyscanner, etc.) under their own privacy policies.

4. Cookies and local storage

The web app stores your session token and plan info in localStorage in your browser — this is not a tracking cookie. The Chrome extension stores auth tokens in chrome.storage.local on your device. We do not use advertising or analytics cookies.

5. Data security

Passwords are hashed with scrypt before storage — we cannot see your password. Session tokens are randomly generated 256-bit values. All traffic between your browser and our server uses HTTPS. Access to stored data is restricted to necessary server processes only.

6. Your rights

You have the right to:

Access the personal data we hold about you
Correct inaccurate data via your account settings
Delete your account and all associated data (Account → Danger Zone → Delete Account)
Withdraw consent for processing where processing is based on consent
Lodge a complaint with your national data protection authority

To exercise any right, email privacy@tripsums.com.

7. Children

The Service is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us data, please contact us and we will delete it.

8. Changes to this policy

We may update this policy from time to time. We will indicate the "last updated" date at the top. Significant changes will be communicated via the app or email.

9. Contact

Privacy questions or requests: privacy@tripsums.com